The ACL API

ACL Overview

The Access Control List (ACL) filters packets passed from the AppNexus core switch into your VLAN. An ACL is made up of an ordered set of Access Control Entries (ACEs) that represent permit and deny statements applied to certain ports and incoming and destination IP addresses. For example, the below ACE permits TCP traffic from any IP address to the IP address 1.1.1.1:

permit tcp any host 1.1.1.1

Here is an example of an ACL made up of several ACEs. Note that the order of ACEs matters, because a core switch tests packets against ACEs one by one and stops checking after the first match. If no conditions match, the switch denies the packet.